feat: require admin token for ingestion endpoints

apps/web/app/api/imports/[id]/scan-minio/route.ts

@@ -1,66 +1,17 @@
-import { z } from "zod";
-
-import { getDb } from "@tline/db";
-import { getMinioBucket } from "@tline/minio";
-import { enqueueScanMinioPrefix } from "@tline/queue";
+import { getAdminOk, handleScanMinioImport } from "../handlers";
 
 export const runtime = "nodejs";
 
-const paramsSchema = z.object({ id: z.string().uuid() });
-
-const bodySchema = z
-  .object({
-    bucket: z.string().min(1).optional(),
-    prefix: z.string().min(1).default("originals/"),
-  })
-  .strict();
-
 export async function POST(
   request: Request,
   context: { params: Promise<{ id: string }> },
 ): Promise<Response> {
   const rawParams = await context.params;
-  const paramsParsed = paramsSchema.safeParse(rawParams);
-  if (!paramsParsed.success) {
-    return Response.json(
-      { error: "invalid_params", issues: paramsParsed.error.issues },
-      { status: 400 },
-    );
-  }
-  const params = paramsParsed.data;
   const bodyJson = await request.json().catch(() => ({}));
-  const body = bodySchema.parse(bodyJson);
-
-  const bucket = body.bucket ?? getMinioBucket();
-
-  const db = getDb();
-  const rows = await db<
-    {
-      id: string;
-    }[]
-  >`
-    select id
-    from imports
-    where id = ${params.id}
-    limit 1
-  `;
-
-  const imp = rows[0];
-  if (!imp) {
-    return Response.json({ error: "not_found" }, { status: 404 });
-  }
-
-  await enqueueScanMinioPrefix({
-    importId: imp.id,
-    bucket,
-    prefix: body.prefix,
+  const res = await handleScanMinioImport({
+    adminOk: getAdminOk(request.headers),
+    params: rawParams,
+    body: bodyJson,
   });
-
-  await db`
-    update imports
-    set status = 'queued'
-    where id = ${imp.id}
-  `;
-
-  return Response.json({ ok: true, importId: imp.id, bucket, prefix: body.prefix });
+  return Response.json(res.body, { status: res.status });
 }